#7053 Staging instance for happiness packets
Closed: Fixed 3 months ago by algogator. Opened 4 months ago by algogator.

  • Describe what you need us to do:
    1. I need a staging instance for happiness packets (some background https://pagure.io/fedora-infrastructure/issue/6690). The current dev instance is happinesspackets.fedorainfracloud.org
    CentOS, memory 4 GiB and disk 50 GB
    2. SMTP server
    3. Client ID and secret for authentication (callback url will be /oidc/callback/)
    4. fedmsg certs

  • When do you need this? (YYYY/MM/DD)
    As soon as possible, before 18/06/29.

  • If we cannot complete your request, what is the impact?
    It's part of GSoC and I need it before the 2nd evaluations begin. Also, it's part of Fedora Appreciation Week (https://pagure.io/fedora-commops/issue/110); I don't want the timeline to get delayed.


So, this service is just expected to stay on a cloud instance right? At least for now?

If so, you could just reuse the existing instance for staging then production depending on where you were in the development cycle? Or would you prefer to have separate dev, staging and prod instances?

Metadata Update from @kevin:
- Issue assigned to kevin
- Issue priority set to: Waiting on Reporter (was: Needs Review)

4 months ago

@kevin I can reuse the current one for the staging but I would prefer to have a separate instance for production.

@kevin I still need the keys and certs for fedmsg and client ID and secrets for auth, plus the smtp server for happinesspackets.fedorainfracloud.org

Well, I don't think we planned for this having dev and stg and prod or we would have named the current one with -dev in the name. So, what would you like to do about the prod one? Perhaps it would be easier to keep this one as prod and get a new -stg one with stg in the name?

I can generate fedmsg certs, but we need to decide the hostname(s) first. Will it be sending fedmsgs, listening for them, or both?

Which "client ID and secrets for auth" do you mean exactly here?

For smtp server, it could just send directly out (we don't block port 25 in our cloud network). If that won't work for some reason we could allow it to relay via bastion.fedoraproject.org.

Sorry for all the questions...

> Well, I don't think we planned for this having dev and stg and prod or we would have named the current one with -dev in the name. So, what would you like to do about the prod one? Perhaps it would be easier to keep this one as prod and get a new -stg one with stg in the name?

That sounds good

> I can generate fedmsg certs, but we need to decide the hostname(s) first. Will it be sending fedmsgs, listening for them, or both?

Sending them

> Which "client ID and secrets for auth" do you mean exactly here?

So I can authenticate against Ipsilon https://fedoraproject.org/wiki/Infrastructure/Authentication

> For smtp server, it could just send directly out (we don't block port 25 in our cloud network). If that won't work for some reason we could allow it to relay via bastion.fedoraproject.org.

Ok I can do that

> Sorry for all the questions...

No worries!

So to summarize:

We need to get you:

  • a happinesspackets-stg.fedorainfracloud.org cloud instance for staging.

  • fedmsg certs for stg and prod and we need to make sure you can talk to our gateway to send those in.

  • OIDC information to auth against us

> So to summarize:
> We need to get you:
>
>   • a happinesspackets-stg.fedorainfracloud.org cloud instance for staging.
>
>   • fedmsg certs for stg and prod and we need to make sure you can talk to our gateway to send those in.
>
>   • OIDC information to auth against us

Yes that sounds about right

  • happinesspackets-stg.fedorainfracloud.org should be there now and have everyone's ssh key that the existing one has.

  • I have issued fedmsg certs for both stg and prod, they are on those machines deployed by ansible.

So, all that's left is the OIDC setup.

>   • happinesspackets-stg.fedorainfracloud.org should be there now and have everyone's ssh key that the existing one has.
>
>   • I have issued fedmsg certs for both stg and prod, they are on those machines deployed by ansible.

Thanks!

> So, all that's left is the OIDC setup.

Any update on this?

OpenIDC client IDs are happinesspackets.
Ansible vars for the secrets are happiness_packets_oidc_secret_stg and happiness_packets_oidc_secret_prod.

Additionally you MUST use https with oidc. I have set up https on both machines for you. You may want to disable http or have it redirect to https to make sure everyone is using the https version.

I think we have everything done now here? If there's anything further you need please open a new ticket or otherwise let us know!

:rainbow:

Metadata Update from @kevin:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

3 months ago

Metadata Update from @algogator:
- Issue status updated to: Open (was: Closed)

3 months ago

I can't see any of the messages in the bus

import fedmsg
__name__ = "shell"
for name, endpoint, topic, msg in fedmsg.tail_messages():
    print(topic)  # print() form runs on both Python 2 and Python 3

What I'm trying to use to publish the message

import fedmsg
__name__ = "shell"

fedmsg.init()

try:
    fedmsg.publish(topic='happinesspacket.send', msg={
        'test': "Hello World",
    })

except Exception as e:
    print(e)

And in endpoints.py
"shell.happinesspackets-stg": ["tcp://happinesspackets-stg.fedorainfracloud.org:3000","tcp://happinesspackets-stg.fedorainfraclou...

As I mentioned before, the endpoints in there are not used for infra cloud instances.
You want to instead make sure that you use the active transport mechanism.

Feel free to generate that file from the information you have.

fedmsg works now, thanks!
Final thing @kevin, could you disable http?

I can, but perhaps it would be better to redirect http to https?

That way if someone tries to go to the http site they would get redirected?

I see the -stg site already has that. I added it to the prod one. :)

So I think that's all you need from us? Please feel free to file a new ticket or reopen if you need anything further.

thanks.

Metadata Update from @kevin:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

3 months ago
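
The thread ends with http redirecting to https on both hosts so that the OIDC callback is only ever served over https. The following is an added example, not code from the ticket or from Fedora infrastructure: a small checker that judges the response to a plain-http request for `/oidc/callback/`. The hostnames and callback path come from the ticket; the sample responses and the function names are constructed for illustration.

```python
from urllib.parse import urlsplit

PERMANENT = {301, 308}
TEMPORARY = {302, 303, 307}

def check_https_redirect(request_url, status, headers):
    """Return the problems found in the response to a plain-http request."""
    req = urlsplit(request_url)
    if status not in PERMANENT | TEMPORARY:
        return [f"status {status}: answered over http instead of redirecting"]
    # Header names are case-insensitive, so normalise before the lookup.
    location = {k.lower(): v for k, v in headers.items()}.get("location")
    if not location:
        return ["redirect has no Location header"]
    dest = urlsplit(location)
    if not dest.scheme:
        return ["relative Location: the client stays on http"]
    problems = []
    if dest.scheme != "https":
        problems.append(f"target scheme is {dest.scheme}, not https")
    if (dest.hostname or "").lower() != (req.hostname or "").lower():
        problems.append(f"target host changed to {dest.hostname}")
    if dest.path != req.path:
        problems.append(f"path changed from {req.path} to {dest.path}")
    if status in TEMPORARY:
        problems.append(f"status {status} is temporary; 301 or 308 is cacheable by default")
    return problems

# Constructed responses, not captured from the real hosts.
STG = "http://happinesspackets-stg.fedorainfracloud.org/oidc/callback/"
PROD = "http://happinesspackets.fedorainfracloud.org/oidc/callback/"
SAMPLES = [
    (STG, 301, {"Location": STG.replace("http://", "https://", 1)}),
    (PROD, 200, {"Content-Type": "text/html"}),
    (PROD, 302, {"location": "http://happinesspackets.fedorainfracloud.org/login/"}),
]

def audit(samples=SAMPLES):
    """Run the check over every sample and return (url, problems) pairs."""
    return [(url, check_https_redirect(url, status, headers))
            for url, status, headers in samples]

if __name__ == "__main__":
    for url, problems in audit():
        print(url, "OK" if not problems else problems)
```
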
